Is MKS so good?

Discussion in 'other anti-virus software' started by Windfresh, May 7, 2005.

Thread Status:
Not open for further replies.
  1. Windfresh

    Windfresh Registered Member

    Joined:
    Apr 30, 2005
    Posts:
    86
    Hi,
    I found very interesting results of testing - I googled Antiviruses 2005 in group search and what I discovered: REPORT:
    Discovered and tested MKS-Vir2005, from Poland. Surprisingly, this one
    caught every sample perfectly on Medium Heuristics. Specifically, nearly 50
    samples were picked up Heuristically giving it a perfect score of 321/321.
    However, when I increased Heuristics to "Super Deep", it picked up an
    additional 10 more suspicious files. Upon further investigation, it was found
    that it was picking up signatures of hacktool utilities left over in some of
    the archives and flagging those files. Indeed, this is impressive.
    MKS-Vir2005 exhibits the most advanced detection algorithms I've ever seen,
    clearly it only had signatures for 271 of my samples, but through code
    emulation, it was able to pick up all 321 samples!! It clearly labeled the
    Heuristically found ones as things as "Likely Win32 Trojan" or "Highly
    Suspicious Acting File". In addition, its scanning speed was incredibly
    quick, and its memory footprint was quite small. Impressive! Furthermore,
    this is a full featured and fairly polished product that appears to update
    at least once per day, and tech support responded to me within 5-15 minutes
    on my emails. Unfortunately, it appears to not be available in the US for
    purchase at this time.


    1a MKS_Vir 2005 - 321/321 0 Missed - 100%
    1b eXtendia AVK - 321/321 0 Missed - 100%
    2a Kaspersky 5.0 - 320/321 1 Missed - 99.70% (with Extended Database ON)
    2b McAfee VirusScan 8.0 - 319/321 + 2 (2 found as joke programs -
    heuristically) - 99%
    3 F-Secure - 319/321 2 Missed - 99.37%
    4 GData AVK - 317/321 4 Missed - 98.75%
    5 RAV + Norton (2 way tie) - 315/321 6 Missed - 98.13%
    6 Dr.Web - 310/321 11 Missed - 96.57%
    7 CommandAV + F-Prot + BitDefender (3 Way Tie) - 309/321 12 Missed - 96.26%
    8 ETrust - 301/321 20 Missed - 93.76%
    9 Trend - 300/321 21 Missed - 93.45%
    10 Avast! Pro - 299/321 22 Missed - 93.14%
    11 Panda - 298/321 23 Missed - 92.83%
    12 Virus Buster - 290/321 31 Missed - 90.34%
    13 KingSoft - 288/321 33 Missed - 89.71%
    14 NOD32 - 285/321 36 Missed (results identical with or without advanced
    heuristics) - 88.78%
    15 AVG Pro - 275/321 46 Missed - 85.66%
    16 AntiVIR - 268/321 53 Missed - 83.48%
    17 Antidote - 252/321 69 Missed - 78.50%
    18 ClamWIN - 247/321 74 Missed - 76.94%
    19 UNA - 222/321 99 Missed - 69.15%
    20 Norman - 215/321 106 Missed - 66.97%
    21 Solo - 182/321 139 Missed - 56.69%
    22 Fire AV - 179/321 142 Missed - 55.76%
    23 V3 Pro - 109/321 212 Missed - 33.95%
    24 Per_AV - 75/321 - 246 Missed - 23.36%
    25 Proland - 73/321 248 Missed - 22.74%
    26 Sophos - 50/321 271 Missed - 15.57%
    27 Hauri - 49/321 272 Missed - 15.26%
    28 CAT Quickheal - 21/321 300 Missed - 6%
    29 Vir_iT - 10/321 311 Missed - 3%
    30 Ikarus - Crashed on first virus. - 0%


    Reply
    What test is it? I can't comprehend. Please, comment on it. Can MKS be better than Kaspersky? It is very strange and suspicious... :doubt:
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No, MKS_Vir (or ArcaVir) isn't that good. Also, this test uses a very small testbed, so results can be different than elsewhere.
    But in general, ArcaVir is a very good AV with solid detection and quite good heuristics.
     
  3. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    I agree with RejZoR, ArcaVir is nice, but not as good as Kaspersky, BitDefender, McAfee or NOD32 (yet) ;)
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Windfresh,

    See here for a more detailed view of that test result.

    This was an informal test protocol using a small test bed. As the test bed becomes smaller, error limits on the results widen. The differences quoted in the results observed between KAV and mks_vir are certainly within the noise level of the test. In essence, these results are the same for these two AV's for this particular test. That result is neither strange nor suspicious - it is what should be expected from a modestly sized testbed, even assuming a perfectly validated set of samples.

    Blue
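
The point in the post above about error limits on a small test bed can be made concrete. The following is an added example, not part of the original thread or of the test it discusses: it assumes a 95% Wilson score interval as the error estimate and treats non-overlapping intervals as a (conservative) sign of a real difference. The counts are copied from the table in the first post; the function names are hypothetical.

```python
import math

Z95 = 1.96  # two-sided 95% normal quantile (assumed confidence level)

def wilson_interval(detected, total, z=Z95):
    """Wilson score interval for a detection rate of detected/total."""
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def interval_width(detected, total):
    """Width of the interval: how wide the 'error limits' are."""
    lo, hi = wilson_interval(detected, total)
    return hi - lo

def distinguishable(a, b, total):
    """True only when the two products' intervals do not overlap."""
    lo_a, hi_a = wilson_interval(a, total)
    lo_b, hi_b = wilson_interval(b, total)
    return hi_a < lo_b or hi_b < lo_a

# Detected counts out of 321 samples, taken from the table in the first post.
TOTAL = 321
DETECTED = {
    "MKS_Vir 2005": 321,
    "Kaspersky 5.0": 320,
    "F-Secure": 319,
    "NOD32": 285,
    "ClamWIN": 247,
}

def compare_to_top(results=DETECTED, total=TOTAL):
    """Map each product to whether it is separable from the top score."""
    top = max(results.values())
    return {name: distinguishable(top, n, total) for name, n in results.items()}

if __name__ == "__main__":
    separable = compare_to_top()
    for name, n in DETECTED.items():
        lo, hi = wilson_interval(n, TOTAL)
        verdict = "differs from top" if separable[name] else "within noise of top"
        print(f"{name:15s} {n}/{TOTAL}  95% CI {lo:.2%} .. {hi:.2%}  {verdict}")
```

With 321 samples, a perfect score still only bounds the true detection rate at roughly 98.8% or better, so a one- or two-sample gap at the top of the table cannot be separated from chance, while the gap to the lower half of the table can.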
     
  5. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Old test of Kobra's which has been around awhile and discussed in detail here at Wilders before.

    Not very scientific because of the small sample size but it shows a general trend in AV detection and you would therefore select an AV from the top of the Table rather than near the bottom.

    The only real surprise is how well QuickHeal did here :rolleyes: :D :D
     
    Last edited: May 7, 2005
  6. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    If someone else posts Kobra's test again, my head is going to explode. It is so old and outdated. Not a bad small test, but old.

    With that being said, the results with that test were pretty consistent with other tests around the same time period and I believe this was the first time MKS was tested outside of Poland. Also I believe that was the first time most people heard of AVK.

    Other than that, I wish it would stop. 8-P
     
  7. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    I would hold off on MKS (Polish version)/ArcaVir (US), their support people and forum administrator have been missing in action since April 18th.
    For me it is a personal favorite, but something is going on with Arcavir right now.
     
  8. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I could have told you the guys at Stormbyte don't have much business sense. Their attitudes overall I found to be not very business-like.

    I dropped Arcavir like a rock a few months ago, I saw this coming - honestly.
     
  9. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    I Agree,

    Yes it has good Heuristics etc BUT major SoberP outbreak on Tuesday 2nd May. MKS/Arcavir did not have defs until 4th May (Seems they were on Holiday) which in my mind makes a VERY bad AV Solution.

    As Honyak says there has been no support on the forum since April 18th. It would be nice to even have an explanation as to why the defs were delayed and a promise for it not to happen again but seems like they are hiding.

    Even AVG and Avast had added defs by 10pm GMT 2nd May and they offer free home solutions.

    When I logged on 7am GMT 3rd May I received 2 SoberP viruses in my E mail. Had I been running MKS it would have offered me no protection as it did not detect this threat with Heuristics.

    Cheers

    Jlo
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Let me just make a few comments on the topic in general:

    1. Although North American sales and support for Arcavir 2005 is through www.stormbyte.com, they are a reseller of this product. Their presence or absence is indicative of their health, not necessarily the product's producer. If the reseller is unable to cover costs through continuing sales, they simply have to step back. That's commercial reality. I don't know if that is the circumstance here, but the extended absence is unusual.

    2. I guess I would be more concerned with the death of Marek Sell (the mks of mks_vir) just prior to the appearance of mks_vir on the international market. I don't know if he was the entire heart and soul of the organization, but I would be concerned about it and the organization moving forward. No matter how you look at it, that had to be a devastating loss for the company.

    3. The "special" test results of mks_vir presented by av-comparatives.org place this product at basically the same level as CA InnoculateIt, TrendMicro, Avast!, H+BEDV Antivir, and Sophos. That's decent company to be in and we should not lose sight of that.

    4. This product (mks_vir) is certainly quite viable in the regional Polish market. The key question is whether it can find commercial success beyond that local market. Going from a regional to an international presence is difficult. Bumps in the road are expected - maybe the current situation is one, I simply don't know.

    5. The extensions of Arcavir 2005 beyond a simple AV/AT to include a firewall and registry monitor were, I personally feel, a mistake. Extending the functionality of the product without solidifying the core competence in the eyes of the market is typically a recipe for failure. This is a direction I would not recommend if asked.

    6. There are some minor steps that mks_vir/Arcabit could take to make this a very nice package. Some of it is organizational (24/7 support of some type is absolutely required to gain confidence), some of it is cosmetic (the GUI could use some help), some of it is structural (intermodule switching should be faster). These are not profound changes. The basic package is solid.

    The situation with this product is similar to many others. Occasionally, we not only embrace offerings as a singular solution too quickly, but we discard them prematurely at the first hint of difficulty. This can happen with both new and old products. Consumers are a fickle bunch and commercial success requires management of this fact as well as providing a good technical solution.

    I purchased an mks_vir license some time ago. To me, the entire first year is my testing phase. There are a few other young products which I use that I place in a similar category - they have very intriguing possibilities, but they are not quite complete. While I don't recommend them without reservation, they are sufficiently functional for me to be comfortable in using them on my primary machine on a regular basis, and for me this is the extended test phase. Not unlike the circumstance with mks_vir.

    Blue
     
  11. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi BlueZannetti,

    Thanks for your great post.

    I had no idea the head guy had passed on! A lot of the points you mentioned make sense and I know on the MKS website updates are still coming in (6th May).

    This may explain why no updates were issued over the 'bank holiday' in Poland but as you said from now on if they are to survive they must be able to provide 24hr emergency updates in case of outbreaks.

    I am quite sure that Avast and AVG lag well behind in detection rates and Heuristics and MKS is a superior product but when the night and day (3rd May) went by with Sober worm peaking (I have received 8 so far and am a home user) one loses confidence with the product.

    It would just be nice to have a support message explaining why the delay was and that they would work to not let it happen again. Everyone makes mistakes!

    Cheers

    Jlo
     
  12. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    jlo,

    I agree.

    Another way to keep the SoberP worm issue in perspective is to think over the past year or so. Has any other major AV player had issues that left their users somewhat vulnerable for a short period of time?

    If I widen the window long a bit, I am sure that I would be able to find an example from every AV vendor where they dropped the ball due to some combination of events. It happens, good companies adapt and move forward, poorly managed companies repeat their errors and eventually wither away.

    For now, I'll just focus on the generally accepted gold standard - KAV. In the early months of this year, KL experienced update server problems which basically prevented receipt of definition updates for a number of days for many users worldwide. I know this is the case since the PC's I have running KAV WS were affected. Even here, after apparently making some internal changes which were claimed to render a recurrence of this type of problem impossible, there was one more minor outage incident shortly thereafter. Note, KL's mea culpa here was also issued rather late in the event, there was virtually no comment for a number of days.

    KL had an extended track record and a large reserve of user goodwill to spend and they weathered the storm well. Smaller new companies don't have that reservoir of goodwill, so they simply have to be more circumspect in this regard.

    It is unfortunate that Arcavir's NA reseller seems to be absent. It would be useless for me to speculate on a cause since I have no information on which to base that speculation. Definitions seem to be moving again, which for most users is what matters.

    Regards,

    Blue
     
  13. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    ArcaVir/Mks_vir needs to update their signatures more often (not just weekdays) and have the mind to better their product and support with the recent Sober issue. Lots of ArcaVir users have turned off and moved to different AV. Not good as this product was just recently upgraded, in terms of opening to US market, adding more features to the product (firewall, registry monitor, process analyzer, etc.).

    They should keep running until the finish line.
     
  14. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    When I see the name Kobra I know enough.....:rolleyes:
     
  15. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    We've been through some recent discussions (here, here, and here, for example) on some of the issues involving casual test protocols, and we really do not need to revisit that topic in this thread.

    This thread is about mks_vir, not a currently outdated casual test result.

    Blue
     
  16. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    ArcaBit support is working fine, but I'd really not recommend MKS/ArcaVir anymore. I knew the support was a bit strange, and I held on to it till today.

    I'd really not recommend it anymore, because of the patchy support and bad updates.
     
  17. gmichale

    gmichale Registered Member

    Joined:
    May 8, 2005
    Posts:
    7
    Location:
    Poland
    About detection tests.

    Well, to be honest, comparative detection tests performed on small sets (I mean smaller than for example 50'000 random samples) don't give reasonable results because it's possible to select samples in a way that gives us the result we want - we can suppose the order of the products and select the test sample set to get it. I hope you understand what I mean. So - most detection tests do not make any sense. ArcaVir has a really good detection level. We receive a lot of emails with sentences like that: "...and ArcaVir detected worm X and the product Y did not...". But it also works the other way sometimes - "...product Y detected worm Z and ArcaVir did not..." - it is a common situation in every AntiVirus company.

    About Sober.

    Our mistake. We do everything we can to avoid such a situation in the future.

    Grzesiek
    ArcaBit
     
  18. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Hey...you're back! Yes!!!!

    Hey guys....If I'm right, this guy is Grzesiek from ArcaBit support!

    YAY!! :D:D:D

    Thanks for visiting Wilders'

    Regards,
    Firecat :D
     
    Last edited: May 8, 2005
  19. gmichale

    gmichale Registered Member

    Joined:
    May 8, 2005
    Posts:
    7
    Location:
    Poland
    Hi !!!!!!!! It's really really nice to join Wilders Security Forum and meet you here ! :) :) :)
     
  20. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I no longer have my license of ArcaVir (transferred), but I remember you quite well from my various emails to support. ArcaVir is an interesting product, and I will keep an eye on it, even though I now use NOD32 :)

    Especially so now that support's gonna be better (because you are here) and updates will also be better :)
     
  21. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I just mailed ArcaBit about some false positives (using their web form) and they replied to me in a matter of seconds. Had some issues a few weeks (months?) ago and I also got such a swift response. Don't know about Stormbyte, but ArcaBit guys are very active (and it's Sunday!).
     
  22. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Thanks for your post Grzesiek,

    It's great to have a response from Arcabit.

    Thanks also for your honesty about the Sober Worm. If the problem can be addressed so it does not happen again then that's great.

    Reading BlueZannetti's post I was surprised to see KAV had problems in the past with servers.

    In fact come to think of it I remember AVG having major problems with their servers making it almost impossible to get updates for days so yes BlueZannetti is right, everyone makes mistakes. Just everyone remembers when it's a new product and is quick to point the finger when things go wrong (me included).


    Wish you all the best with your Arcabit!

    Kind Regards

    Jlo
     
  23. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    I have just seen that Mariusz is back on the case at Stormbyte forum at http://www.stormbyte.com/forums/viewtopic.php?t=131&start=15

    Nice to have you back Mariusz!

    He says

    'Posted: Sun May 08, 2005 12:30 pm Post subject:

    --------------------------------------------------------------------------------

    Arcavir and Stormbyte are alive and "kicking".
    Sorry that for the past two weeks I was not able to respond to your forum posts.
    _________________
    Mariusz K. Sasinski
    Stormbyte Technologies, LLC
    122 Main St
    New Britain, CT 06051
    Phone: 860.797.2004 x 1410
     